GoogleOSV:GHSA-FJH2-QHFH-RVFCJenkins Maven Artifact ChoiceListProvider (Nexus) Plugin CSRF vulnerability and missing permission checks
An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
References
github.com/jenkinsci/maven-artifact-choicelistprovider-plugin
github.com/jenkinsci/maven-artifact-choicelistprovider-plugin/commit/2d2e20cc00a29abf435afcad12cfc9ddadf76d89
github.com/jenkinsci/maven-artifact-choicelistprovider-plugin/commit/5a3a3ff1e7416623c531601620305640ef4c8e28
github.com/jenkinsci/maven-artifact-choicelistprovider-plugin/commit/99d97c028fbc0672b729d052d4bfc4dfa9674f23
jenkins.io/security/advisory/2018-07-30/#SECURITY-1022
nvd.nist.gov/vuln/detail/CVE-2018-1999030
Related
